add some files
parent
d5dba2eb59
commit
130e101cc6
@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: Reload nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
@ -0,0 +1,59 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
#worker_processes auto; # <- default is 1
|
||||
}
|
||||
|
||||
http {
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
|
||||
server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
gzip off; # compression and crypto don't mix
|
||||
|
||||
# include /etc/nginx/conf.d/*.conf; # Ansible
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
stream {
|
||||
include /etc/nginx/stream_rp.conf;
|
||||
|
||||
# Proxy request from the back end address
|
||||
map $ssl_preread_server_name $name_from_back {
|
||||
acme-v02.api.letsencrypt.org acme;
|
||||
r3.o.lencr.org r3;
|
||||
default self-back;
|
||||
}
|
||||
upstream acme {
|
||||
server acme-v02.api.letsencrypt.org:443;
|
||||
}
|
||||
upstream r3 {
|
||||
server r3.o.lencr.org:443;
|
||||
}
|
||||
upstream self-back {
|
||||
server 127.0.0.1:9443;
|
||||
}
|
||||
server {
|
||||
listen 192.168.10.1:443;
|
||||
proxy_pass $name_from_back;
|
||||
ssl_preread on;
|
||||
}
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
@ -0,0 +1,13 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
map $ssl_preread_server_name $name_from_front {
|
||||
default self;
|
||||
}
|
||||
upstream self {
|
||||
server 127.0.0.1:8443;
|
||||
}
|
||||
server {
|
||||
listen 172.20.198.2:443;
|
||||
proxy_pass $name_from_front;
|
||||
ssl_preread on;
|
||||
}
|
Loading…
Reference in New Issue